By using AWS re:Post, you agree to the AWS re:Post Terms of Use

IAM and S3 How to secure

0

I have created a Group (as WEB Admin), couple of uses with Admin and a S3 configured for WEB.

Would it be a good security practice if I give the Users Full S3 permissions? If I do so, in which way could I track what they do, and to configure same, perhaps via CloudTrail?

If the above is not a recommended, based on security, what would be the best way to grant those lease permissions, to the Users and the S3 Bucket?

If you could some Json examples along with technical guidelines would be appreciated.

asked a year ago292 views
2 Answers
1
Accepted Answer

I personally would not issue full S3 permissions - if an outside actor gained access to someone's credentials you might have a bad time. You could monitor them using CloudTrail, Athena queries and even Guard Duty.

Please review the official Security Best Practices for S3 here: https://docs.aws.amazon.com/AmazonS3/latest/userguide/security-best-practices.html

profile pictureAWS
EXPERT
answered a year ago
profile picture
EXPERT
reviewed 10 months ago
0

Hello David,

Thank you and appreciate that. I am novice and since I have no knowledge in JSON, I found it a bit hard and complex to understand everything explain in that document.

Would there be a more simple way, please?

answered 10 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions